Security vendor Zscaler launched three new products at its Zenith Live 2026 conference in Las Vegas on June 9 designed to give enterprises control over AI agents running across their infrastructure. The announcement positions Zscaler as the first vendor to offer what it calls a complete zero trust platform for agentic AI.

The products — AI Broker, AI Access Graph, and Endpoint AI Security — address a governance gap that has been widening since organizations started deploying AI agents at scale. Unlike human users who log in once and follow predictable paths, agents operate continuously, spawn sub-agents, create temporary identities, and access enterprise systems in ways that traditional security tools were not built to handle.

Three Products, One Governance Problem

AI Broker secures communications between AI agents using the Model Context Protocol (MCP) and agent-to-agent (A2A) channels. Every agent interaction passes through the broker, which enforces an integrated registry that maps exactly what each agent is permitted to access. If an agent tries to reach a system it has no business touching, AI Broker blocks the request.

AI Access Graph gives security teams a map of how identities, applications, and data sources connect across the organization. The technology came from Zscaler’s acquisition of Symmetry Systems in May 2026 for $175 million. The idea is straightforward: you cannot govern what you cannot see, and most enterprises have no clear picture of how their AI agents are wired to the rest of the business.

Endpoint AI Security extends the scope of threat detection from servers and cloud environments down to employee devices — specifically the browsers, extensions, plugins, and locally installed AI tools that traditional endpoint security products were not designed to inspect. As more employees run local models and AI assistants alongside corporate systems, the attack surface has expanded well beyond the perimeter.

Zscaler is also delivering enhancements to its existing AI Protect platform, originally launched in January 2026. New AI Asset Management capabilities now discover embedded AI in SaaS and internet traffic, identify AI agents and MCP servers running in public cloud environments, and scan agentic codebases for risk.

Why This Matters Now

The velocity of enterprise AI agent adoption has outpaced the governance tools available to manage it. Research suggests enterprises will soon run dozens of AI agents for every employee — agents that persist across sessions, spawn child agents to complete sub-tasks, and accumulate permissions over time. That creates a fundamentally different security posture from the human-centric access model most organizations have been operating under for the past decade.

The problem is compounded by shadow AI: agents deployed by individual teams or developers without central IT visibility. Microsoft’s Agent 365, which went generally available in May, addresses the same challenge from the Microsoft ecosystem. Zscaler’s approach extends the governance layer across vendors and platforms, working alongside AWS Bedrock, Google Cloud, and whatever agents employees bring in through their devices.

Ecosystem partners including Zendesk, n8n, and Kore.ai have built agents natively compatible with Zscaler’s platform, giving enterprises a cleaner path to governed multi-agent deployments.

What This Means for Business

If your organization is running AI agents — or planning to — the governance conversation can no longer be deferred. The security challenges Zscaler is addressing are real and growing: agents with excessive permissions, unauthorized data access, unmonitored agent-to-agent communications, and local AI tools running outside IT’s line of sight.

The practical question for most businesses is not whether to govern AI agents, but where to start. A few principles apply regardless of which tooling you use:

Know what agents you have running. Shadow AI is not just a shadow IT problem rebranded. Agents embedded in SaaS tools, extensions, and developer workflows are often invisible to security and operations teams until something goes wrong.

Define permissions before deployment, not after. The agent registry concept Zscaler introduced — mapping what each agent is allowed to access before it runs — is the right mental model. Retrofitting access controls onto running agents is significantly harder than building them in from the start.

Treat agent identity like human identity. The same principles that apply to privileged user access — least privilege, regular review, anomaly detection — apply to agents. Agents should not accumulate permissions over time without audit.

Build governance into your AI infrastructure stack. The enterprise AI market is converging on the idea that agents need a control plane, not just a deployment environment. Whether that control plane comes from Microsoft, Zscaler, ServiceNow, or a combination depends on your existing infrastructure — but the direction is clear.

For organizations working through what a governed AI agent deployment looks like in practice, Enterprise DNA’s Omni Ops service is built around exactly this challenge: deploying AI agent workforces that are effective and manageable, with governance built in from day one rather than bolted on later.

The Zscaler announcement is a useful signal of where enterprise security spending is heading. Governance tools for AI agents are no longer a future requirement — they are the current gap that enterprises need to close before their agent deployments scale past the point of manual oversight.